Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Microsoft launches 'End to End Trust' call to action, observers skeptical

By Ellen Messmer , Network World , 04/09/2008

SAN FRANCISCO -- In his keynote address at the RSA Conference here, Microsoft's chief research and strategy officer Craig Mundie sought to rally the high-tech industry and its customers to an idea Microsoft is calling "End to End Trust," a system for the Internet where identity claims can be validated according to sound security principles.

“We believe that End to End Trust will transform how the industry thinks about and approaches online trust and security,” Mundie said. Microsoft wants broad feedback not just from high-tech, but from government, businesses and people everywhere to make its vision a reality. As to what the idea of End to End Trust vision might entail, Microsoft published a 20-page white paper to explain it, stating “the path forward” includes having a “trusted stack” comprising trusted devices, trusted operating system, trusted applications, trusted people and trusted data plus an audit trail.

“We want to formalize a dialog with a lot more people,” Mundie said. “We need a collaboration with a lot of people making products in this area.”

Microsoft says challenges to achieving this End to End Trust goal will be political, legal and social, not just technical, since online identity touches on notions about privacy and business activity.

One of the few concrete examples that Mundie provided was the idea of a digital certificate that proved someone was at least 18 years ago.

Where exactly Microsoft will go with End to End Trust and the Trusted Stack isn’t readily apparent. Doug Leland, general manager of the identity and access division at Microsoft, said Mundie “laid out a vision for how we’re taking the Trustworthy Computing Initiative,” begun half a dozen years ago. In those years, Microsoft re-tooled its products as it sought better security. Microsoft sees End to End Trust as the next step toward an identity system for the Web. He did say the future ideal of the “trusted stack” would include Windows Server 2008.

However, many seem skeptical about Microsoft’s vision.

“Microsoft will conquer End to End Trust after they’ve conquered the online computing games,” scoffed independent security analyst  and Network World blogger Richard Stiennon, attending the RSA Conference here.

The Liberty Alliance is the organization dedicated to building federated identity across government and private enterprises based on de facto standards such as the Security Assertion Markup Language (SAML), digital certificates, and agreed-upon business guidelines. After a presentation at the RSA Conference about the group’s most recent activities, some panelists expressed views about Mundie's keynote.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Save The Date!
What They Are Saying

If the IT manager is knowledgeable regarding Cisco technology, he would have 2 options. Option 1 - Consult...- Anonymous

Join the Discussion